Newsgroups: comp.dcom.sys.cisco
Path: utzoo!utgpu!cunews!bnrgate!bwdls61.bnr.ca!bwdls56!fortinp
From: fortinp@bwdls56.bnr.ca (Pierre Fortin)
Subject: Re: Configuration problem
Message-ID: <1991Jan6.065127.29308@bwdls61.bnr.ca>
Sender: usenet@bwdls61.bnr.ca (Use Net)
Organization: Bell-Northern Research, Ottawa, Canada
References: <2392@bnlux0.bnl.gov>
Date: Sun, 6 Jan 91 06:51:27 GMT

In article <2392@bnlux0.bnl.gov>, drs@bnlux0.bnl.gov (David R. Stampf) writes:
> 
> 	Cisco routers always seem to be reliable and fast, but always seem to
> fall short of letting you do what you *want* to do. Here is the latest problem
> we face.

"always" is a little strong isn't it?  Your "problem" (below) is of your 
own making, so...

> 
> 	I'd like to assign a second IP address to an ethernet interface on my
> router. The reason is that I'm about 40 numbers over what would pass for a
> subnet range, i.e. 550 hosts vs 511 slots. This is a short term problem which

How do you plan on configuring your devices?  Different subnet mask?  That 
would be courting disaster.  That should read 510 (not 511).  BTW, are you 
using bridges to break up the subnet into (what we call) workgroups to reduce
traffic on portions of your subnet?  If so, you'll have another problem: 
all bridges have a finite limit in the number of ethernet addresses they 
can filter (we use HP with a limit of 512), beyond which, the bridges start 
to "leak" packets because the entry for that workstation just got clobbered
by the previous packet which leaked because it got clobbered because...

> will be fixed when we get the nerve to cut our ethernet cable. Cisco provides
> the "ip address ip-address subnet-mask secondary" command which allows me to
> assign two addresses to an interface, one on each of two subnets. This works
> like a charm *except* that the router will not send any routing info (RIP) to the
> secondary network. This is apparently by design since there is a warning in my
> manual that says "Secondary address are treated like primary addresses except
> that the system never generates datagrams with secondary source addresses". I
> think that means it does not send routing packets.

That command is really to allow you to configure your network to handle 
the situation where the cisco can safely "dump" the packet out an interface
in the hope that someone out there will know how to pass it on.  The secondary
is included in the routing updates to all locations *except* the interface
it's coded on for a reason:  why advertise a route to yourself if all you can
do is send the packets right back out that interface?

> 
> 	Well, I can hard wire routes on all of my hosts on the secondary network,
> but that would be a problem since most of the new systems are user maintained, and
> it is hard enough to explain subnets to the uninitiated. Besides, sending routing
> info seems like a natural job for a router. Even if I could convince the cisco to
> just send out default to the secondary net I would be a lot happier. 

You'll also have to explain to your users why the subnet is so "shitty".

> 
> 	Of course, another possibility is to use a spare ethernet port on the router
> to connect to the same physical ethernet but have a different subnet address. I
> feel less comfortable about that idea tho - it also involves more hardware, and I
> suspect there would be many more collisions on the ethernet.

I had one site do just that; boy what a mess!  They were running 7.1 software.
Did you ever see a cisco _swap_ its ethernet addresses?  This one did; at
least that's the way "show arp" reported it...

> 
> 	The funny part is that I would also like to have the router send out *fewer*
> routing packets on the primary subnet. Every 30 seconds, we get a blast of
> approximately 200 networks advertised by rip from our external connections when
> all we really want to see on our network is "default". 

Then why not use proxy arp and code "passive-interface <interface>" under
"router rip"?  Hmmm.... You've got ether-Macs, KFPs or Apollos on your 
subnet?  Well then, you'll have to live with those routing updates going 
out if you want them to have access to the outside world.  :^(

> 
> 	Feast or famine.
> 
> 	Any suggestions?
> 
> 
> 	Dave Stampf

Sorry I can't give you more positive information...

Pierre Fortin       Bell-Northern Research     I know, my postings are
Internet Systems    P.O.Box 3511, Stn C        terse and humourless. So?
(613)763-2598       Ottawa, Ontario            RIP: aptly named protocol
fortinp@bnr.ca      Canada    K1Y 4H7          AppleTalk: Adam&Eve's design
